Vulnerability Details CVE-2016-7838
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/95099
- https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913
- https://jvn.jp/en/jp/JVN90813656/index.html
- https://jvn.jp/en/jp/JVN96681653/index.html
- https://www.wireshark.org/news/20161214.html
- http://www.securityfocus.com/bid/95099
- https://github.com/vslavik/winsparkle/commit/bb454857348245a7397f9e4fbb3a902f4ac25913
- https://jvn.jp/en/jp/JVN90813656/index.html
- https://jvn.jp/en/jp/JVN96681653/index.html
- https://www.wireshark.org/news/20161214.html
Products affected by CVE-2016-7838
-
cpe:2.3:a:winsparkle:winsparkle:0.1
-
cpe:2.3:a:winsparkle:winsparkle:0.1.1
-
cpe:2.3:a:winsparkle:winsparkle:0.2
-
cpe:2.3:a:winsparkle:winsparkle:0.3
-
cpe:2.3:a:winsparkle:winsparkle:0.4
-
cpe:2.3:a:winsparkle:winsparkle:0.5
-
cpe:2.3:a:winsparkle:winsparkle:0.5.1
-
cpe:2.3:a:winsparkle:winsparkle:0.5.2